Exchange ActiveSync Mailbox Policies and Exchange Remote Wipe

Exchange ActiveSync mailbox policies let you remotely configure Android, iPhone and Windows Phone smartphones, and Exchange Remote Wipe lets you remotely erase all data on a lost smartphone.
Now that smartphones are widespread, it is more than likely that your end users will require access to their corporate email from them. Whether or not the smartphone is company supplied, it is certainly sensible to have policies in place to protect our data should it end up in the wrong hands.

Exchange ActiveSync Mailbox Policies

Exchange 2010 has a feature called “Exchange ActiveSync Mailbox Policies”. You can find this in the Exchange Management Console, within the “Organization Configuration\Client Access” node from the tree view. You will notice that within the Exchange ActiveSync Mailbox Policies tab, you can create multiple policies – these can then be applied to different groups of users. I just want a common policy throughout my entire organization, so I will just modify the default policy that is already listed.
Using the policy properties, you can force devices to use a passcode, set the minimum passcode length, enable encryption, and so on. You can also disable some functions of a smartphone, such as its camera or Wi-Fi, should this be a requirement in your organization.
Once a compatible ActiveSync device is synchronized with your Exchange organization, the appropriate policy will be applied, and the smartphone will react accordingly. It should be noted, though, that these policies do not apply to all devices, so it’s important to check what your devices support first. The vast majority of smartphones in our organization are iPhones, and Apple has published a list of the supported policies on their developer site.
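The same settings can be applied and then audited from the Exchange Management Shell. This is an added example, not part of the original post; it assumes the default policy still carries its stock name "Default", and the passcode length of 6 is only a sample value.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# (Exchange 2010). Assumes the default policy still has its stock name "Default".
$policyName = 'Default'

# Record the current values before changing anything.
Get-ActiveSyncMailboxPolicy -Identity $policyName |
    Format-List Name, DevicePasswordEnabled, MinDevicePasswordLength,
                RequireDeviceEncryption, AllowCamera, AllowWiFi,
                AllowNonProvisionableDevices

# Require a passcode of at least 6 characters (sample value), require device
# encryption and disable the camera.
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -RequireDeviceEncryption $true `
    -AllowCamera $false

# AllowNonProvisionableDevices (listed above) decides whether a device that cannot
# enforce every setting may still synchronize, so audit what each device reports
# after its next sync instead of assuming the policy took effect.
Get-ActiveSyncDevice -ResultSize Unlimited |
    ForEach-Object { Get-ActiveSyncDeviceStatistics -Identity $_.Identity } |
    Where-Object { $_.DevicePolicyApplicationStatus -ne 'AppliedInFull' } |
    Sort-Object DeviceType |
    Format-Table Identity, DeviceType, DeviceModel, DevicePolicyApplied,
                 DevicePolicyApplicationStatus -AutoSize
```

Devices listed by the last command have not confirmed the full policy, which is where the per-device support differences mentioned above show up.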

Exchange Remote Wipe

Should the inevitable happen, and a user loses their phone with all their company emails and trade secrets on it, and it doesn’t look like it’s coming back any time soon, we have a couple of ways of performing a remote device wipe. Firstly, the end user can do it on their own via Outlook Web Access (great if they lose the device when the helpdesk isn’t yet open!). The user will need to log into OWA, select “options” from the top right, then select “see all options” from the menu. Once you’re in the OWA options screen, select “phone” from the right, and you should be presented with a list of mobile devices associated with your Exchange account. From the list of devices, simply select the device in question, and click the “wipe device” button.
Chances are that the end users will just ring the helpdesk to request that the device be remotely wiped. An Exchange administrator can easily do this from the Exchange Management Console. Navigate to the Recipient Configuration\Mailbox node from the tree view. In the main area of the console, right click the user in question, then select “manage mobile phone” from the context menu. You will be presented with a list of mobile devices that are associated with the user’s Exchange account – select the appropriate device, click the “remote wipe” radio button, then click the “clear” button.
Shortly after this, the mobile device should perform a full wipe and erase all data. If your staff are accessing your corporate emails via their personal smartphones, it might be an idea to let them know that you have the ability to wipe mobile devices should they be lost – many users might lose their smartphones and never tell you otherwise!
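The helpdesk wipe can also be issued and tracked from the Exchange Management Shell, which leaves a clearer record of when the device acknowledged it. This is an added example, not part of the original post; the mailbox address, device ID and notification address are placeholders.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# (Exchange 2010). All three values below are placeholders.
$mailbox  = 'jdoe@example.com'
$deviceId = 'DEVICE-ID-PLACEHOLDER'
$notify   = 'helpdesk@example.com'

# List every device partnered with the mailbox so the right one can be picked.
$devices = Get-ActiveSyncDeviceStatistics -Mailbox $mailbox
$devices | Format-Table DeviceType, DeviceModel, DeviceID, LastSuccessSync,
                        DeviceWipeSentTime, DeviceWipeAckTime -AutoSize

# Refuse to continue unless exactly one device matches: a user may have several
# phones, and the wipe erases the whole device.
$target = @($devices | Where-Object { $_.DeviceID -eq $deviceId })
if ($target.Count -ne 1) {
    throw "Expected exactly one device with ID $deviceId, found $($target.Count)."
}

# Request the wipe. The cmdlet asks for confirmation, and the notification
# address receives a message once the device acknowledges the wipe.
Clear-ActiveSyncDevice -Identity $target[0].Identity `
    -NotificationEmailAddresses $notify

# The wipe only runs when the device next contacts the server, so check the
# timestamps later. An empty DeviceWipeAckTime means the data is still on it.
Get-ActiveSyncDeviceStatistics -Identity $target[0].Identity |
    Format-List DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime

# If the phone is found before it acknowledges, withdraw the pending request:
# Clear-ActiveSyncDevice -Identity $target[0].Identity -Cancel
```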
